  1. Rudy

    Solved NAT + IPSEC ... can't get it to work

    At an office, a FreeBSD router is set up using ipfw and nat. This part works great and has for years. We added an ipsec tunnel for a remote network. I have the tunnel up, and can ping from the internal interface (em1) to the remote IP, no problem. For the nat, I set up...
  2. alfa

    FreeBSD IPsec enc0 NAT not works this is the problem

    Hi, I have trouble with IPsec & pf enc0 NAT problem. I show you my problematic scenario below; any help would be appreciated at this point. STRONGSWAN CONFIGURATION alfa7000 { fragmentation = yes unique = replace version = 1 aggressive = no proposals...
  3. patpro

    Config problem with SoftEther VPN

    Hello, I'm trying to set up SoftEther VPN server on a FreeBSD internet gateway (between my home LAN and the Internet). My problem is exactly the same as in the thread "PC-to-LAN connection ok, but…" of softether users forum (https://www.vpnusers.com/viewtopic.php?f=7&t=4542) but I'm running...
  4. B

    strongswan IPSec, bhyve nat-traffic

    Hi, I was able to set up an IPSec/strongswan VPN tunnel and it works great so far (Forum: 67850). Now, I'd like to forward traffic from my bhyve VMs through the tunnel but I am having problems with it. The picture looks like that: (all done on FreeBSD 11.2p4) (*) normal DSL Router with...
  5. J

    Solved In-kernel NAT dropping large UDP return packets

    When a T-Mobile "femto-cell" is trying to establish its IPv4, IPSEC tunnel to the T-Mobile provisioning servers, the 4640-byte return packet is silently dropped by the in-kernel NAT, even though it "matches" the outbound packet from less than 100 ms prior. All other operations of the firewall...
  6. thomas_l

    Open vSwitch for SDN via GRE/IPSEC tunnel

    Hey FreeBSD people, I'm a long term Linux user who would like to include one or more FreeBSD servers into his server infrastructure. Last week I set up a virtual management network via Open vSwitch on my Linux machines. This network connects Linux containers over multiple hosts. The network...
  7. N

    Looking for 1on1 help preferably in person (Toronto Area)

    Hello Everyone! I am a regular Linux user of about 10 years. I am now looking to learn FreeBSD: icsdhcp, gateways, ipsec and pf, etc. I am using vmware to create my network and finding that I read a doc on dhcp.conf and realize 1h later it's for a version 2 years old and OpenBSD. I would like...
  8. nerozero

    VPN between two networks

    Hello everyone, I'm trying to build my first VPN tunnel between 2 gateways, both running FreeBSD 11.1. My question: is this manual still consistent? Making a tunnel - it's easy, but when I try to apply encryption as it is shown in the handbook - tunnel stops working ... according to that manual...
  9. M

    l2tpd troubleshooting on FreeBSD 11.1

    Hi, I am trying to set up an IPSEC/L2TP VPN client on FreeBSD 11.1. I got security/strongswan working and I can see it establish the connection, now trying to set up net/l2tpd. Following is the configuration: /usr/local/etc/l2tp/l2tp.conf [global] access control = yes Port = 1701 [lac l2tp] lns =...
  10. D

    PF + IPSEC + NAT

    Hello all, I am struggling here to get a working site-to-site VPN on FreeBSD 10.3-RELEASE-p24. At first I installed security/strongswan from ports (version 5.6.0), and it would not even load its configured connections. So I decided to manually compile security/strongswan 5.5.3 version and...
  11. S

    IPSec VPN LAN-LAN (Site-Site) for site with dynamic gray IP behind NAT

    Hi. There is a case: - HQ with fixed white IP - Site with dynamic gray IP behind NAT (!!!) Need to set up IPSec VPN LAN-LAN to connect site to HQ. I've tried Racoon and succeeded with establishing IPSec connection, but LAN-LAN connection wasn't established. The same with StrongSwan - I can see...
  12. S

    Other (about technical) How to achieve IPSec throughput above 2 Gbit/s

    Hello forum, (1) As stated in the subject, how to achieve IPSec throughput above 2 Gbit/s? (2) Has anyone run IPSec and successfully hit IPSec throughput above 2 Gbit/s? (3) Which FreeBSD version would be recommended for this scenario? (4) What should be tuned in /boot/loader.conf? (Our...
  13. J

    PF VOIP phone IPsec and pf+NAT

    Hello forum. This is a bit of a long shot and I don't have much useful diagnostic information to provide, but I'm otherwise running out of ideas. At home, I have replaced my ISP-supplied VDSL router with a bridging modem and a FreeBSD host running pf. I have a very simple ruleset which NATs...
  14. K

    Solved When to use Openswan?

    Hello! I am trying to look into the whole VPN/IPSec topic. I read the FreeBSD handbook but I am not sure about the different packages. As far as I understand FreeBSD provides IPSec support already. So what's the purpose of a package like OpenSwan. Is OpenSwan a replacement of the "native"...
  15. Donald Baud

    IPsec IKEV2 setup works but where is the interface?

    I set up a simple IPsec IKEv2 VPN. It works fine, but how do I get detail about the network information? - Where is the interface tun0 or gif0 or whatever is holding the VPN client's IPs - Where is the routing table stored? I can't see anything different on netstat -rn - I still...
  16. korund

    Routing between jails and physical interfaces

    I'm trying to get the following scheme up and running: What would be a good read to start except of jail man page?
  17. andrian

    How to add an exception in ipsec.conf

    Hi friends. Please help me. How to add an exception network addresses in IPsec.conf? I used security/ipsec-tools and very all good, but string in /etc/IPsec.conf for example: spdadd any -P out ipsec esp/tunnel/; spdadd any...
  18. ericx

    tunnel over high latency link

    We're trying to establish and maintain some sort of tunnel from a ship at sea over a high latency satellite link. Several satellite links are in use simultaneously. Bandwidth and latency vary considerably depending on the vendor in use and the position of the ship (this is an R/V; so the ship is...
  19. A

    SA sync

    Hello everyone, Can you please advise how I can sync IPSEC SAs between 2 routers? Tried to configure Strongswan fail-over, but looks like FreeBSD has no HA plugin. Thank you. Best regards, Alex
  20. part1zan_

    After IPSec is set up, the L2TP client cannot connect to the server

    Dear all, I have set up an L2TP server using mpd5, and it works fine. However, when I switch IPSec (ipsec-tools) on, the client doesn't seem to be able to connect to the server: it looks like the server doesn't get any packets from the client. The IPSec configs follow: Client setkey.conf...